Wednesday, 18 October 2017

Certcheck for checking and notifying certificate expiry date

#############################################################################################################
# Description : certcheck reports the certificate expiry date for every URL listed in urls.txt              #
# Date  : 10/17/2017                                                                                        #
# Ver   : 2.0                                                                                               #
# Ver 1 : 10/17/2017                                                                                        #
# Ver 2 : Added Email Alerts 10/18/2017                                                                     #
# Usage : execute ./certcheck.ksh                                                                           #
#############################################################################################################

# --- Configuration ---------------------------------------------------------
# External tools are pinned to absolute paths so the check does not depend on
# whatever PATH the caller (for example cron) happens to provide.
OPENSSL='/usr/bin/openssl'
MAILX='/bin/mailx'

# Input files are relative names, so they are resolved against the current
# working directory: run the script from the directory that holds them, and
# keep both files writable only by the account that runs the check.
DATA_FILE_PATH='urls.txt'       # one host or host:port per line
EMAILADDRFILE="emails.txt"      # alert recipients

# Alert window in days: certificates expiring sooner than this trigger mail.
EXP_DAYS='90'


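# check_expiry SERVER DATESTR
#
# Reports how long the certificate for SERVER remains valid and mails an alert
# when it expires within EXP_DAYS days.
#
# Globals:   EXP_DAYS, EMAILADDRFILE, MAILX (read); DAYS, EMAIL_ADDRS (written)
# Arguments: $1 - server name, used only in messages
#            $2 - certificate end date in a form `date -d` can parse
# Outputs:   one status line on stdout; diagnostics on stderr
# Returns:   0 when the date was evaluated, 1 when the date is missing or
#            unparsable, or when an alert was due but no recipient was found
function check_expiry {
        typeset expiry_epoch now_epoch days_ago

        # An empty or unparsable date means the certificate could not be read
        # (connection failure, no TLS on that port, ...). Report it explicitly:
        # GNU date turns an empty string into "today", which would otherwise
        # make an unreachable host look like a certificate with a valid date.
        if [ -z "$2" ] || ! expiry_epoch=$(date -d "$2" +%s 2>/dev/null); then
                echo " Unable to determine certificate expiry date"
                return 1
        fi
        now_epoch=$(date +%s)

        # Whole days remaining, truncated toward zero. Integer shell arithmetic
        # also yields a usable 0 for spans shorter than one day, where the
        # bc/awk pipeline produced an empty string or a bare "-".
        DAYS=$(( (expiry_epoch - now_epoch) / 86400 ))

        if [ "$expiry_epoch" -le "$now_epoch" ]; then
                # NOTE(review): expired certificates are only printed, not
                # mailed - confirm that is intended, since an expired
                # certificate is more urgent than one nearing renewal.
                days_ago=$(( (now_epoch - expiry_epoch) / 86400 ))
                echo " Certificate already expired $days_ago days ago"
        elif [ "$DAYS" -lt "$EXP_DAYS" ]; then
                # Includes DAYS == 0 (expires within 24 hours), which the
                # previous "-gt 0" test let fall through without an alert.
                echo " Certificate expires in $DAYS days (alert window $EXP_DAYS days) - Sending Email Alert"
                EMAIL_ADDRS=$(cat "$EMAILADDRFILE")
                if [ -z "$EMAIL_ADDRS" ]; then
                        echo " No recipients found in $EMAILADDRFILE - alert not sent" >&2
                        return 1
                fi
                # $EMAIL_ADDRS is deliberately unquoted so each address becomes
                # its own argument; the recipients file must therefore hold
                # nothing but addresses and be writable only by trusted users.
                # The alert states the real number of days left, not the
                # threshold.
                echo " Certificate for $1 expires in $DAYS days" | "$MAILX" -s "IMPORTANT ${1} - Certificate will expire in $DAYS Days" $EMAIL_ADDRS
        else
                echo "   Certificate expires in $DAYS days"
        fi
}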

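# Main loop: for every entry in the URL list, fetch the server certificate,
# print its end date and hand it to check_expiry.
#
# Lines containing '#' are treated as comments. `read -r` keeps backslashes
# literal and still trims leading/trailing whitespace; blank lines are skipped.
# Every expansion that reaches openssl is quoted so a line with embedded
# whitespace is passed as a single -connect value instead of being split into
# additional openssl options.
#
# This only reads the notAfter date of whatever certificate the server
# presents; it does not verify the chain or that the name matches.
grep -v '#' "$DATA_FILE_PATH" | while read -r SERVERNAME
do
        [ -n "$SERVERNAME" ] || continue

        # Default to the HTTPS port when the entry carries no explicit port.
        case "$SERVERNAME" in
                *:*) TARGET="$SERVERNAME" ;;
                *)   TARGET="${SERVERNAME}:443" ;;
        esac
        printf '%s ' "$TARGET"

        # -servername sends SNI explicitly: OpenSSL releases before 1.1.1 do
        # not send it by default, so a name-based virtual host could answer
        # with its default certificate instead of the one being monitored.
        # The awk step keeps month, day and year and drops time and zone.
        DATESTR=$(echo \
                | "$OPENSSL" s_client -connect "$TARGET" -servername "${TARGET%:*}" 2>/dev/null \
                | "$OPENSSL" x509 -noout -enddate \
                | sed 's/notAfter=//g' \
                | awk '{ print $1" "$2" "$4 }')

        # No date means no certificate was retrieved; say so instead of
        # evaluating an empty date as if it were a real expiry.
        if [ -z "$DATESTR" ]; then
                echo " Unable to retrieve certificate"
                continue
        fi

        printf '%s' "$DATESTR"
        check_expiry "$SERVERNAME" "$DATESTR"
done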
